Course syllabus for Computer security

Course syllabus adopted 2023-02-04 by Head of Programme (or corresponding).

Overview

  • Swedish nameDatasäkerhet
  • CodeEDA264
  • Credits7.5 Credits
  • OwnerMPCSN
  • Education cycleSecond-cycle
  • Main field of studyComputer Science and Engineering, Software Engineering
  • DepartmentCOMPUTER SCIENCE AND ENGINEERING
  • GradingTH - Pass with distinction (5), Pass with credit (4), Pass (3), Fail

Course round 1

  • Teaching language English
  • Application code 12123
  • Maximum participants160 (at least 10% of the seats are reserved for exchange students)
  • Block schedule
  • Open for exchange studentsYes
  • Only students with the course round in the programme overview.

Credit distribution

0123 Laboratory 1.5 c
Grading: UG
1.5 c
0223 Written and oral assignments 6 c
Grading: TH
6 c

In programmes

Examiner

Go to coursepage (Opens in new tab)

Eligibility

General entry requirements for Master's level (second cycle)
Applicants enrolled in a programme at Chalmers where the course is included in the study programme are exempted from fulfilling the requirements above.

Specific entry requirements

English 6 (or by other approved means with the equivalent proficiency level)
Applicants enrolled in a programme at Chalmers where the course is included in the study programme are exempted from fulfilling the requirements above.

Course specific prerequisites

General requirements from a Bachelor's degree are required. Knowledge in a programming language, such as C, is also required. The course EDA093 Operating systems or equivalent is recommended.

Aim

The course gives basic knowledge in the security area, i.e. how to protect your system against intentional intrusions and attacks. The purpose of intrusions can be made to change or delete resources (data, programs, hardware, etc), to get unauthorized access to confidential information or unauthorized use of the system's services. The course covers threats and vulnerabilities in the computer systems and networks, as well as rules, methods and mechanisms for protection. Modeling and assessment of security and dependability as well as metrication methods are covered. During a few lectures, a holistic security approach is taken and organizational, business-related, social, human, legal and ethical aspects are treated.

Learning outcomes (after completion of the course the student should be able to)

After completing the course the student shall have acquired the following knowledge goals. The student shall:

    * have an overall, fundamental understanding of computer security and realize the consequences of insecurity
    * have a general knowledge of protection mechanisms
    * be capable of making a security analysis of different types of systems and suggest ways to improve security
    * be able to deal with a few methods for security modeling
    * understand common methods for security assessment, evaluation and metrication
    * have improved his or her skill in technical writing
    * be able to reason on the ethical and social aspects of computer security.

Content

Introduction to computer security: definitions, terminology, standards. Some practical examples. Relation to dependability, reliability, availability and safety. UNIX security: file system, system administration, passwords and accounts, authorization. Security threats: systematic approach, physical security, including tempest, viruses, worms, Trojan horses, and logic bombs. Information hiding, steganography and covert channels. Introduction to cryptography. Secure operating systems. Security mechanisms: authentication, authorization, access control, file protection, reference monitor, encryption and separation. Intrusion detection systems. Deception systems. Security Models: Bell-LaPadula, Biba, Chinese wall etc. Introduction to Network Security and firewalls.
Database security, defensive programming, injection attacks.
Security metrics. Security management and organisation. Security policy and risk analysis. Social engineering, cyber criminality and information warfare. Laws and ethics.

Organisation

The course consists of a series of lectures, exercises and laborative exercises. Normally, one or two lectures are given by lecturers from industry, who give an application perspective on security. The laborative exercises focus on a few common security mechanisms. 

Computer security is one of the courses proposed in the security specialization at Chalmers and Göteborg University. It gives an overview of the field. For those with interest in the security specialization we recommend this course (EDA263) as an overview and refer to the other courses for depth, Cryptography (TDA351), Network security (EDA491) and Language-based security (TDA602). Ethical and social aspects in relation to computer science are further developed in the course DAT147.

Literature

See separate literature list.

Examination including compulsory elements

The course is examined by laboratory exercises done in groups and through individual mandatory assignments, where a voluntary written hall exam is included.

In order to be awarded the grade 3 for the whole course, the student must pass the laboratory exercises and the mandatory assignments.

In order to be awarded the grade 4 or 5 for the whole course, the student must get the grade 4 respective 5 on the written exam and pass the other sub-courses.

The course examiner may assess individual students in other ways than what is stated above if there are special reasons for doing so, for example if a student has a decision from Chalmers on educational support due to disability.